Skip to main content
AI governance & enterprise trust
Your data. Your model boundaries. Your audit log.
Ezelogs runs vertical AI inside enterprise guardrails — tenant-isolated, cost-controlled, fully observable. Built so legal, security, and finance can ship it without standing in the way.
AI Governance
How vertical AI ships inside enterprise guardrails
Six controls that make Ezelogs AI safe to deploy across owners, public agencies, and regulated trades — without slowing down the field.
Tenant-isolated AI
Vector + relational stores scoped per workspace. No cross-tenant retrieval, no cross-tenant training — ever.
Model boundaries you control
Choose model class per workflow. Pin to US, EU, or MENA region. PII redaction before any prompt leaves your tenant.
Cost-controlled orchestration
Per-workspace token + run quotas, model routing (small for routine, frontier for complex), forecast preview before agent execution.
Observability & audit
Every prompt, retrieval, tool-call traced. Model version + confidence pinned to every output. Exportable for owners, auditors, insurers.
Role-aware governance
RBAC down to the document across 18+ construction roles. Human-in-the-loop required for consequential actions.
Zero training on your data
Inference under zero-retention contracts with OpenAI + Anthropic. Your data is never used for model training, by us or our LLM providers.
Compliance
Audited where it matters
SOC 2 Type II
LiveAnnual audit by an independent third party. Report under NDA.
GDPR
LiveEU data residency, DPA available, sub-processor list maintained.
CCPA
LiveCalifornia consumer privacy controls, data subject requests honored.
ISO 27001
In progressStage 2 audit scheduled. Statement of applicability available on request.
HIPAA
Available on requestBAA available for healthcare construction projects.
PCI DSS
Via StripeNo card data ever touches Ezelogs servers.
Data protection
Encrypted, residency-aware, recoverable
Encryption at rest
AES-256 on all stored data. Per-tenant keys for enterprise.
Encryption in transit
TLS 1.3 minimum. HSTS preloaded. Certificate pinning on mobile.
Regional residency
US, EU and UAE regions. Pin tenant data to a region at signup.
Key management
AWS KMS with annual key rotation. BYOK on Enterprise plan.
Backups
Continuous WAL streaming + daily snapshots, 35-day retention, cross-region.
Data deletion
Self-serve export. Hard delete within 30 days of contract end.
Access & identity
Zero-trust, role-aware, fully audited
RBAC
Role-based access at project, company and field levels. Custom roles on Enterprise.
SSO
SAML 2.0 and OIDC. Pre-built connectors for Okta, Azure AD, Google Workspace.
SCIM provisioning
Automated user lifecycle from your identity provider.
MFA enforcement
TOTP and WebAuthn. Org-wide enforcement policies.
Audit log
Immutable, exportable, queryable. Streamed to your SIEM on Enterprise.
Least privilege
Field-level access scopes for sensitive items (rates, margins, payroll).
Sub-processors
The vendors we trust to serve you
Updated as our stack evolves. Subscribe to changes via the trust center.
| Vendor | Purpose | Region |
|---|---|---|
| AWS | Primary hosting, storage, KMS | us-east-1, eu-west-1, me-central-1 |
| Cloudflare | CDN, WAF, DDoS protection | Global |
| Stripe | Payment processing | US, EU |
| Postmark | Transactional email | US |
| OpenAI | LLM inference (zero retention contract) | US |
| Anthropic | LLM inference (zero retention contract) | US |
| Datadog | Observability and APM | US, EU |
Vulnerability disclosure
Found something? We respond within one business day and run a coordinated disclosure program with safe-harbor protections for good-faith research. PGP key on the trust center.
Frequently asked
Where is my data stored?
Pin a tenant to US (us-east-1), EU (eu-west-1) or UAE (me-central-1) at signup. Data does not leave the chosen region.
Do AI models train on my data?
No. Inference happens under zero-retention contracts. Your data is never used for model training, by us or our LLM providers.
Can I get the SOC 2 report?
Yes — under NDA, request via security@ezelogs.com. Trust pack with summary controls available without NDA.
How fast do you patch critical vulnerabilities?
Critical: under 24 hours. High: under 7 days. Tracked publicly in our trust center status page.